I'm using z-push-contrib to get emails from an IMAP server (run by me as well).
If I use the imap_open option /ssl and connect to port 993, TLS 1.2 is being used.
If I use /tls and connect to port 143 using STARTTLS, TLS 1.0 and a different cipher is being used.
SMTP behaves the same (STARTTLS only uses TLS 1.0).
If I use openssl from the command line, TLS 1.2 is being used:
It doesn't matter if I connect to port 993 or to 143 with STARTTLS, I always get a TLS 1.2 connection using the same strong, modern cipher.
Is this a bug in PHP's OpenSSL implementation?
No, it's defined in the PHP documentation:
The difference is very subtle. Basically STARTTLS connects to an unencrypted port/connection and then asks for encryption, while TLS/SSL sessions are encrypted before any text is transmitted (see STARTTLS). They usually use different ports, but it's common for mail servers to support both on both ports (so they support a broader range of clients).
Cipher and TLS version choice is based on client-server negotiation, but STARTTLS could be understood as a less-capable client or server, then the parameters for decision differ.
AFAIK, there's no limitation on the usage of TLS1.1 and TLS1.2 when connecting through STARTTLS, but they do connect differently than TLS/SSL.
In doubt, use TLS/SSL, since it's more secure :)
Update
PHP IMAP extension makes use of c-Client library for IMAP protocol-specific functions. This library is somewhat outdated (2007) — and probably handles STARTTLS commands differently than calling openssl — that's why the difference in encryption/ciphers used.
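To separate PHP's OpenSSL layer from the c-client code path mentioned in the update, the following added example (not part of the original post) performs both handshakes with PHP stream functions only and prints the negotiated protocol and cipher. `imap.example.org` is a placeholder host, the function names are made up for this example, and the `crypto` metadata array assumes PHP 7 or later.

```php
<?php
// Added example, not from the original post. HOST is a placeholder.
const HOST = 'imap.example.org';

// Offer TLS 1.0-1.2 explicitly so the server's choice is visible; on PHP
// 5.6-7.1 the generic STREAM_CRYPTO_METHOD_TLS_CLIENT meant TLS 1.0 only.
const METHODS = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT
              | STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT
              | STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;

function connectPlain(string $host, int $port)
{
    // Plain TCP first; certificate and host name are verified on upgrade.
    $ctx = stream_context_create(['ssl' => [
        'peer_name' => $host, 'verify_peer' => true, 'verify_peer_name' => true,
    ]]);
    $fp = stream_socket_client("tcp://$host:$port", $errno, $errstr, 10,
                               STREAM_CLIENT_CONNECT, $ctx);
    if ($fp === false) {
        throw new RuntimeException("connect to $host:$port failed: $errstr");
    }
    stream_set_timeout($fp, 10);
    return $fp;
}

function handshake($fp): array
{
    if (stream_socket_enable_crypto($fp, true, METHODS) !== true) {
        throw new RuntimeException('TLS handshake failed');
    }
    return stream_get_meta_data($fp)['crypto']; // protocol, cipher_name, ...
}

function probeImplicit(string $host): array
{
    return handshake(connectPlain($host, 993)); // TLS before any IMAP text
}

function probeStartTls(string $host): array
{
    $fp = connectPlain($host, 143);
    fgets($fp);                                 // cleartext "* OK ..." greeting
    fwrite($fp, "a1 STARTTLS\r\n");
    $reply = fgets($fp);
    if ($reply === false || stripos($reply, 'a1 OK') !== 0) {
        throw new RuntimeException('server refused STARTTLS: ' . trim((string) $reply));
    }
    return handshake($fp);                      // upgrade the same socket
}

foreach (['993 implicit' => 'probeImplicit', '143 STARTTLS' => 'probeStartTls'] as $label => $fn) {
    $c = $fn(HOST);
    printf("%-13s %s %s\n", $label, $c['protocol'], $c['cipher_name']);
}
```

If both lines report the same protocol and cipher here while `imap_open` with `/tls` still ends up on TLS 1.0, the difference comes from the IMAP extension's code path rather than from PHP's OpenSSL streams.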